pool/dracut
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
57f8729f24
dracut/0137-Switch-from-Mozilla-NSS-sha256hmac-checking-to-fipsc.patch
Thomas Renninger 89f9350d9e Accepting request 314510 from home:trenn:branches:Base:System 
- Fix dmraid issue bnc#905746
A    dracut_dmraid_use_udev.patch
- Taken over from SLE12
A    fips_add_aesni-intel.patch
- Do not touch /run vs /var/run bnc#922676
D    0106-dracut-Enable-converting-of-directory-var-run-var-lo.patch
- Update dracut to version 042
Remove these already included or unneeded patches:
D    dracut_v041_to_HEAD.patch
D    0011-Correct-paths-for-openSUSE.patch
D    0068-95fcoe-uefi-Test-for-EFI-firmware.patch
D    0170-enable-logitech-hidpp.patch
Adjust/refresh:
M    0015-40network-replace-dhclient-with-wickedd-dhcp-supplic.patch
M    0016-Add-new-s390x-specific-rule-files.patch
M    0017-45ifcfg-use-distro-specific-scripts.patch
M    0019-40network-Fix-race-condition-when-wait-for-networks.patch
M    0020-00warpclock-Set-correct-timezone.patch
M    0021-95dcssblk-Add-new-module-for-DCSS-block-devices.patch
M    0048-40network-Only-enable-network-interfaces-if-explicit.patch
M    0053-01fips-fixup-loading-issues.patch
M    0056-81cio_ignore-handle-cio_ignore-commandline.patch
M    0057-01fips-Include-some-more-hmacs.patch
M    0058-dracut-add-warning-when-including-unsupported-module.patch
M    0059-99suse-Add-SUSE-specific-initrd-parsing.patch
M    0060-45ifcfg-Add-SUSE-specific-write-ifcfg-file.patch
M    0061-45ifcfg-Fixup-error-message-in-write-ifcfg-suse.patch
M    0066-40network-always-start-netroot-in-ifup.sh.patch
M    0075-95dasd_rules-enable-parsing-of-rd.dasd-commandline-p.patch
M    0076-Correctly-set-cio_ignore-for-dynamic-s390-rules.patch

OBS-URL: https://build.opensuse.org/request/show/314510
OBS-URL: https://build.opensuse.org/package/show/Base:System/dracut?expand=0&rev=219
2015-06-30 12:59:59 +00:00

63 lines
2.8 KiB
Diff
Raw Blame History

From 6a85f188d671723ad76bb729307c12e89199b7bd Mon Sep 17 00:00:00 2001
From: Marcus Meissner <meissner@suse.com>
Date: Thu, 14 Aug 2014 16:13:55 +0200
Subject: Switch from Mozilla NSS sha256hmac checking to fipscheck as
recommended
Signed-off-by: Thomas Renninger <trenn@suse.de>
---
modules.d/01fips/fips.sh | 6 ++----
modules.d/01fips/module-setup.sh | 13 +++++++------
2 files changed, 9 insertions(+), 10 deletions(-)
Index: dracut-042/modules.d/01fips/fips.sh
===================================================================
--- dracut-042.orig/modules.d/01fips/fips.sh 2015-06-24 18:02:07.817284113 +0200
+++ dracut-042/modules.d/01fips/fips.sh 2015-06-24 18:02:28.266448262 +0200
@@ -59,9 +59,7 @@ do_rhevh_check()
kpath=${1}
# If we're on RHEV-H, the kernel is in /run/initramfs/live/vmlinuz0
- HMAC_SUM_ORIG=$(cat $NEWROOT/boot/.vmlinuz-${KERNEL}.hmac | while read a b || [ -n "$a" ]; do printf "%s\n" $a; done)
- HMAC_SUM_CALC=$(sha512hmac $kpath | while read a b || [ -n "$a" ]; do printf "%s\n" $a; done || return 1)
- if [ -z "$HMAC_SUM_ORIG" ] || [ -z "$HMAC_SUM_CALC" ] || [ "${HMAC_SUM_ORIG}" != "${HMAC_SUM_CALC}" ]; then
+ if fipscheck $NEWROOT/boot/vmlinuz-${KERNEL} ; then
warn "HMAC sum mismatch"
return 1
fi
@@ -126,7 +124,7 @@ do_fips()
elif [ -e "/run/initramfs/live/isolinux/vmlinuz0" ]; then
do_rhevh_check /run/initramfs/live/isolinux/vmlinuz0 || return 1
else
- sha512hmac -c "/boot/.vmlinuz-${KERNEL}.hmac" || return 1
+ fipscheck "/boot/vmlinuz-${KERNEL}" || return 1
fi
info "All initrd crypto checks done"
Index: dracut-042/modules.d/01fips/module-setup.sh
===================================================================
--- dracut-042.orig/modules.d/01fips/module-setup.sh 2015-06-24 18:02:23.422172483 +0200
+++ dracut-042/modules.d/01fips/module-setup.sh 2015-06-24 18:02:28.266448262 +0200
@@ -41,15 +41,16 @@ install() {
inst_hook pre-pivot 01 "$moddir/fips-noboot.sh"
inst_script "$moddir/fips.sh" /sbin/fips.sh
- inst_multiple sha512hmac rmmod insmod mount uname umount fipscheck
+ inst_multiple rmmod insmod mount uname umount fipscheck
- inst_libdir_file libsoftokn3.so libsoftokn3.so \
- libsoftokn3.chk libfreebl3.so libfreebl3.chk \
- libssl.so 'hmaccalc/sha512hmac.hmac' libssl.so.10 \
+ inst_libdir_file \
+ fipscheck .fipscheck.hmac \
+ libfipscheck.so.1 \
+ .libfipscheck.so.1.hmac .libfipscheck.so.1.1.0.hmac \
+ libcrypto.so.1.0.0 libssl.so.1.0.0 \
.libcrypto.so.1.0.0.hmac .libssl.so.1.0.0.hmac \
.libcryptsetup.so.4.5.0.hmac .libcryptsetup.so.4.hmac \
.libgcrypt.so.20.hmac \
- .libfipscheck.so.1.hmac .libfipscheck.so.1.1.0.hmac
libfreeblpriv3.so libfreeblpriv3.chk
# we do not use prelink at SUSE
Reference in New Issue View Git Blame Copy Permalink